Field of the Invention
Aspects of this invention relate generally to public key cryptography, and more particularly to a method for authenticating a digital certificate and corresponding system, apparatus and computer program products.
Description of Related Art
Public-key cryptography is a well-known technique for securing electronic communications. Each user holds a private key and a public key, which are related to each other. The public key is used for encryption of data and is freely shared, while the private key is used for decryption and is not shared. When one entity wishes to send data to a recipient entity, they can encrypt the data with the recipient's public key, so that only the recipient can decrypt it upon receipt, using their private key.
Public-key cryptography relies on entities being able to obtain authentic copies of other entities' public keys. For example, suppose a user wishes to login to their bank account through their web browser. If the user's web browser uses the wrong public key for the bank, then the traffic (including log-in credentials) can be intercepted and manipulated by an attacker.
One way to provide assurance to one entity about the public key of another entity is via a Certificate Authority (CA). In the example given, the browser is presented with a public key certificate for the bank, which is intended to be unforgeable evidence that the given public key is the correct one for the bank. The certificate is digitally signed by a CA. The browser is pre-configured to accept certificates from certain known CAs. A typical installation of Firefox has about 100 CAs in its database.
CAs must be assumed to be honest. If a CA is dishonest, it may issue certificates asserting the authenticity of fake keys; they could be keys created by an attacker or by the CA itself. Unfortunately, the assumption of honesty does not scale up very well. A user has hundreds of CAs registered in their browser, and cannot be expected to have evaluated the trustworthiness of all of them. This fact has been exploited by attackers. If an attacker manages to insert a malicious CA into the user's browser, the attacker can get the browser to accept fake keys for standard services (such as bank web sites and webmail sites). Then the attacker can intercept and manipulate the user's traffic with those sites. Inserting a malicious CA can be done in a number of ways, such as shipping malicious software or mounting social engineering attacks.
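The following Python model is an added illustration of the mechanism described above (public-key encryption, CA-signed certificates, and the effect of a dishonest CA entering the browser's trust store); it is not part of the patent text. It uses textbook RSA with constructed primes near 10^6 so that it runs with only the standard library; the key sizes, the absence of padding, the certificate layout, and all names (Honest Root CA, Rogue CA, bank.example) are assumptions made for the example.

```python
# Added illustration of the CA model in the Related Art section (not patent text).
# Textbook RSA with small constructed primes: NOT a real key size or padding scheme.
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple

PublicKey = Tuple[int, int]   # (e, n)
PrivateKey = Tuple[int, int]  # (d, n)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA key generation from two primes (constructed toy values)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; requires Python 3.8+
    return (e, n), (d, n)


def digest(data: bytes, n: int) -> int:
    """Reduce a SHA-256 hash into the RSA group so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


@dataclass(frozen=True)
class Certificate:
    subject: str            # e.g. the bank's host name
    subject_pub: PublicKey  # the key the certificate vouches for
    issuer: str             # name of the signing CA
    signature: int          # CA's RSA signature over the fields above


def cert_body(subject: str, subject_pub: PublicKey, issuer: str) -> bytes:
    return f"{subject}|{subject_pub[0]}|{subject_pub[1]}|{issuer}".encode()


def issue_certificate(issuer: str, issuer_priv: PrivateKey,
                      subject: str, subject_pub: PublicKey) -> Certificate:
    """The CA's role: sign the binding between a name and a public key."""
    d, n = issuer_priv
    h = digest(cert_body(subject, subject_pub, issuer), n)
    return Certificate(subject, subject_pub, issuer, pow(h, d, n))


def verify_certificate(cert: Certificate, trust_store: Dict[str, PublicKey]) -> bool:
    """The browser's check: is the issuer a known CA, and does its signature hold?"""
    issuer_pub = trust_store.get(cert.issuer)
    if issuer_pub is None:
        return False  # unknown CA: the certificate carries no weight
    e, n = issuer_pub
    expected = digest(cert_body(cert.subject, cert.subject_pub, cert.issuer), n)
    return pow(cert.signature, e, n) == expected


def encrypt(m: int, pub: PublicKey) -> int:
    e, n = pub
    return pow(m, e, n)


def decrypt(c: int, priv: PrivateKey) -> int:
    d, n = priv
    return pow(c, d, n)


def scenario() -> Dict[str, bool]:
    """Walk through the honest case and the dishonest-CA case from the text."""
    # Constructed keys; 1000003, 1000033, 1000037, 1000039, 999983, 999979 are primes.
    honest_ca_pub, honest_ca_priv = make_keypair(1000003, 1000033)
    rogue_ca_pub, rogue_ca_priv = make_keypair(1000037, 1000039)
    bank_pub, bank_priv = make_keypair(999983, 999979)
    browser_store = {"Honest Root CA": honest_ca_pub}  # pre-configured trusted CAs

    # 1. The honest CA certifies the bank's real key; the browser accepts it.
    bank_cert = issue_certificate("Honest Root CA", honest_ca_priv, "bank.example", bank_pub)
    results = {"honest_cert_accepted": verify_certificate(bank_cert, browser_store)}

    # 2. Swapping the certified key while keeping the signature breaks verification.
    forged = Certificate("bank.example", rogue_ca_pub, "Honest Root CA", bank_cert.signature)
    results["tampered_cert_rejected"] = not verify_certificate(forged, browser_store)

    # 3. A rogue CA certifies its own key as the bank's: rejected while untrusted ...
    rogue_cert = issue_certificate("Rogue CA", rogue_ca_priv, "bank.example", rogue_ca_pub)
    results["rogue_cert_rejected"] = not verify_certificate(rogue_cert, browser_store)

    # 4. ... but accepted once the rogue CA has been inserted into the trust store,
    #    which is the weakness the text describes.
    compromised_store = dict(browser_store, **{"Rogue CA": rogue_ca_pub})
    results["rogue_cert_accepted_after_insertion"] = verify_certificate(rogue_cert, compromised_store)

    # 5. Key use after validation: encrypt a session secret to the certified key;
    #    only the matching private key recovers it.
    secret = 424242
    results["secret_round_trip"] = decrypt(encrypt(secret, bank_cert.subject_pub), bank_priv) == secret
    return results


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

The decisive step is the trust-store lookup in `verify_certificate`: every signature check is only as strong as the set of CA keys the browser already trusts, which is why tampering with that set, rather than breaking the cryptography, is the realistic threat the text describes.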
There is therefore a need for proving the authenticity of public keys in a way that cannot be compromised by a dishonest CA.
For some applications, providing authentication of public keys via a CA is not realistic. For example, the Pretty Good Privacy (PGP) encryption standard is used for e-mails and is targeted at individual e-mail users rather than corporate users. In that context, there are no entities that naturally fulfil the requirements to function as a CA, and so authentication of public keys is achieved on the basis of a peer-to-peer web of trust. The certifying role is spread amongst a set of users, each of whom is somewhat trusted and somewhat known to the sender and receiver, with the expectation that, taken together, this comprises enough evidence of the authenticity of the public key.
However, e-mail encryption has not been widely adopted due to the burden that is placed on users. The model is either too complex or too time-consuming for the general public to understand and implement.
There is a need for proving the authenticity of public keys in a way that is “user-friendly”—in other words, can be provided in a form that users can adopt without needing to understand anything of how it works.
Aspects of the present invention fulfill these needs and provide further related advantages as described in the following summary.